[Samba] What is wrong with my nslcd configuration?

John Lewis oflameo2 at gmail.com
Sun Oct 5 09:25:16 MDT 2014


I figured out a workaround. I used ldbedit on
/var/lib/samba/private/sam.ldb and manually added the record "uidNumber:
1000".

I will map it explicitly in nslcd.conf unlike it was in the example on
the wiki.

Is there any command in the Samba suite to modify this attribute
automatically without having to modify the LDAP directory directly?

On 10/05/2014 10:27 AM, John Lewis wrote:
> I can't get my domain users presented to my local machine with getent
> passwd and the wiki
> https://wiki.samba.org/index.php/Local_user_management_and_authentication/nslcd
> doesn't give me any steps to troubleshoot this issue. My best guess is that
> I configured the user account incorrectly or I configured nslcd
> incorrectly. I can't exactly see what the problem is.
> 
> I get these messages from nslcd when I started it in debug mode and ran
> getent passwd.
> 
> nslcd: [7b23c6] DEBUG: connection from pid=19355 uid=500 gid=0
> nslcd: [7b23c6] <passwd(all)> DEBUG:
> myldap_search(base="dc=CORP,dc=oflameo,dc=com", filter="(objectClass=user)")
> nslcd: [7b23c6] <passwd(all)> DEBUG: ldap_result():
> CN=DRAKEBURNER,OU=Domain Controllers,DC=corp,DC=oflameo,DC=com
> nslcd: [7b23c6] <passwd(all)> CN=DRAKEBURNER,OU=Domain
> Controllers,DC=corp,DC=oflameo,DC=com: uidNumber: missing
> nslcd: [7b23c6] <passwd(all)> DEBUG: ldap_result():
> CN=Administrator,CN=Users,DC=corp,DC=oflameo,DC=com
> nslcd: [7b23c6] <passwd(all)>
> CN=Administrator,CN=Users,DC=corp,DC=oflameo,DC=com: uidNumber: missing
> nslcd: [7b23c6] <passwd(all)> DEBUG: ldap_result():
> CN=ldap-connect,CN=Users,DC=corp,DC=oflameo,DC=com
> nslcd: [7b23c6] <passwd(all)>
> CN=ldap-connect,CN=Users,DC=corp,DC=oflameo,DC=com: uidNumber: missing
> nslcd: [7b23c6] <passwd(all)> DEBUG: ldap_result():
> CN=krbtgt,CN=Users,DC=corp,DC=oflameo,DC=com
> nslcd: [7b23c6] <passwd(all)>
> CN=krbtgt,CN=Users,DC=corp,DC=oflameo,DC=com: uidNumber: missing
> nslcd: [7b23c6] <passwd(all)> DEBUG: ldap_result():
> CN=Guest,CN=Users,DC=corp,DC=oflameo,DC=com
> nslcd: [7b23c6] <passwd(all)>
> CN=Guest,CN=Users,DC=corp,DC=oflameo,DC=com: uidNumber: missing
> nslcd: [7b23c6] <passwd(all)> DEBUG: ldap_result(): end of results (5 total)
> 
> This is the ldif of the user account I created.
> 
> dictator at drakeburner:~/samba/ldap$ cat ldap-connect.ldif
> # extended LDIF
> #
> # LDAPv3
> # base <cn=ldap-connect,cn=Users,dc=corp,dc=oflameo,dc=com> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
> 
> # ldap-connect, Users, corp.oflameo.com
> dn: CN=ldap-connect,CN=Users,DC=corp,DC=oflameo,DC=com
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> cn: ldap-connect
> instanceType: 4
> whenCreated: 20141001025044.0Z
> uSNCreated: 3769
> name: ldap-connect
> objectGUID:: h5Ml10kKGk+tnk+yUkmSbA==
> badPwdCount: 0
> codePage: 0
> countryCode: 0
> badPasswordTime: 0
> lastLogoff: 0
> lastLogon: 0
> primaryGroupID: 513
> objectSid:: AQUAAAAAAAUVAAAAJqYPFioPpCmZ5TwaTwQAAA==
> accountExpires: 9223372036854775807
> logonCount: 0
> sAMAccountName: ldap-connect
> sAMAccountType: 805306368
> objectCategory: CN=Person,CN=Schema,Configuration,DC=corp,DC=oflameo,DC=com
> userAccountControl: 512
> pwdLastSet: 130566324840000000
> homeDirectory:: IA==
> whenChanged: 20141005131318.0Z
> uSNChanged: 3777
> distinguishedName: CN=ldap-connect,CN=Users,DC=corp,DC=oflameo,DC=com
> 
> # search result
> search: 2
> result: 0 Success
> 
> # numResponses: 2
> # numEntries: 1
> 
> 
> Here is my nslcd.conf
> 
> dictator at drakeburner:~/samba/ldap$ cat /etc/nslcd.conf
> # /etc/nslcd.conf
> # nslcd configuration file. See nslcd.conf(5)
> # for details.
> 
> # The user and group nslcd should run as.
> uid nslcd
> gid nslcd
> 
> # The location at which the LDAP server(s) should be reachable.
> uri ldap://127.0.0.1:389
> 
> # The search base that will be used for all queries.
> base dc=CORP,dc=oflameo,dc=com
> 
> # Some settings for AD
> pagesize 1000
> referrals off
> 
> # Filters (only required if your accounts don't have objectClass=posixAccount
> # and your groups don't have objectClass=posixGroup. These objectClasses won't be added
> # by ADUC. So they won't be there automatically!)
> filter  passwd  (objectClass=user)
> filter  group   (objectClass=group)
> 
> # Attribute mappings (depending on your nslcd version, some might not be
> # necessary or can cause errors and can/must be removed)
> map     passwd  uid                sAMAccountName
> map     passwd  homeDirectory      unixHomeDirectory
> map     passwd  gecos              displayName
> map     passwd  gidNumber          primaryGroupID
> map     group   member             member
> 
> # Kerberos
> #sasl_mech GSSAPI
> #sasl_realm CORP.OFLAMEO.COM
> #krb5_ccname /tmp/nslcd.tkt
> 
> # The LDAP protocol version to use.
> #ldap_version 3
> 
> # LDAP bind (Account in AD that is used from nslcd to bind to the directory)
> binddn cn=ldap-connect,cn=Users,dc=corp,dc=oflameo,dc=com
> bindpw icanread33#
> 
> # The DN used for password modifications by root.
> #rootpwmoddn cn=admin,dc=example,dc=com
> 
> # SSL options
> #ssl off
> #tls_reqcert never
> 
> # The search scope.
> #scope sub
> 
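
The mismatch behind the "uidNumber: missing" lines above can be checked offline by comparing the passwd maps in nslcd.conf with the attributes an entry actually carries. This is an added example, not part of the original post or of Samba/nslcd; the function names, the `PASSWD_ATTRS` list of fields to check, and the abridged sample config and LDIF are assumptions of the example.

```python
# Fields this example checks (an assumption, not a list taken from nslcd).
PASSWD_ATTRS = ("uid", "uidNumber", "gidNumber", "homeDirectory")

# Constructed sample: the passwd-related lines of the posted nslcd.conf.
NSLCD_CONF = """\
# Attribute mappings
filter  passwd  (objectClass=user)
map     passwd  uid                sAMAccountName
map     passwd  homeDirectory      unixHomeDirectory
map     passwd  gecos              displayName
map     passwd  gidNumber          primaryGroupID
map     group   member             member
"""

# Constructed sample: abridged from the posted ldap-connect entry.
LDIF = """\
dn: CN=ldap-connect,CN=Users,DC=corp,DC=oflameo,DC=com
objectClass: user
sAMAccountName: ldap-connect
primaryGroupID: 513
homeDirectory:: IA==
"""

def passwd_maps(conf_text):
    """Return {nslcd attribute: directory attribute} for the passwd map."""
    maps = {a: a for a in PASSWD_ATTRS}  # unmapped names are looked up as-is
    for line in conf_text.splitlines():
        parts = line.split()
        # Only plain "map passwd <name> <attribute>" lines; skips comments.
        if len(parts) == 4 and parts[:2] == ["map", "passwd"]:
            maps[parts[2]] = parts[3]
    return maps

def ldif_attrs(ldif_text):
    """Return the lower-cased attribute names present in one LDIF entry."""
    names = set()
    for line in ldif_text.splitlines():
        # Skip blanks, comments and continuation lines (leading space).
        if line and not line.startswith((" ", "#")) and ":" in line:
            names.add(line.split(":", 1)[0].lower())
    return names

def missing_passwd_attrs(conf_text, ldif_text):
    """List (nslcd attribute, directory attribute) pairs absent from the entry."""
    present, maps = ldif_attrs(ldif_text), passwd_maps(conf_text)
    return [(a, maps[a]) for a in PASSWD_ATTRS if maps[a].lower() not in present]

if __name__ == "__main__":
    for nslcd_name, dir_name in missing_passwd_attrs(NSLCD_CONF, LDIF):
        print(f"{nslcd_name}: entry has no '{dir_name}' attribute")
```

On the sample it reports `uidNumber` (never mapped and never set) and also `unixHomeDirectory`, which the entry lacks even though it carries `homeDirectory`.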


